Verification Vs. Validation Doing Right Things vs. Doing Things Right Today I would like to talk about verification versus validation. With respect to security, businesses are often focused on doing the right things but fail to do the things right. Equifax is an example of an organization that strategically was doing the right things but …
Access Control Lists Access Control Lists Do you know who has access to your most sensitive data? Access Control Lists (ACLs) are developed to place people into groups to access various types of information. For instance, your HR department has access to employee salary and performance information, training and certifications, and medical plans. Likewise, the finance …
Cyber Security Awareness Training Cyber Security Awareness TrainingIncreases Company Security Cyber security awareness training provides the greatest assurance of reducing information system compromise. People remain the biggest weakness of any information system. Properly trained people on cyber security decreases the risk of system compromise by 80%[i]. Recently, an employee in another department presented me with …
Avoid These NIST Compliance Problems Why Do I Need NIST 800-171 Compliance? Small businesses that provide contractors to the Federal Government must implement the controls and safeguards of NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” The National Institute of Standards and Technology requirements protect the confidentiality of Controlled Unclassified …